Fuzzing CAN vs. ROS: An Analysis of Single-Component vs. Dual-Component Fuzzing of Automotive Systems

2024-01-2795

04/09/2024

Features
Event
WCX SAE World Congress Experience
Authors Abstract
Content
Robust communications are crucial for autonomous military fleets. Ground vehicles function as mobile local area networks utilizing Controller Area Network (CAN) backbones. Fleet coordination between autonomous platforms relies on the Robot Operating System (ROS) publish/subscribe robotic middleware for effective operation. To bridge communications between the CAN and ROS network segments, the CAN2ROS bridge software supports bidirectional data flow with message mapping and node translation.
Fuzzing, a software testing technique, involves injecting randomized data inputs into the target system. This method plays a pivotal role in identifying vulnerabilities. It has proven effective in discovering vulnerabilities in online systems, such as the integrated CAN/ROS system. In our study, we consider ROS implementing zero-trust access control policies, running on a Gazebo test-bed connected to a CAN bus. Our objective is to evaluate system security using fuzzers in three scenarios: (i) fuzzing the CAN bus alone, (ii) fuzzing the CAN bus with a ROS Fuzzer, and (iii) fuzzing both systems simultaneously using the CAN2ROS bridge.
This paper poses the question: is fuzzing the unified system more effective than fuzzing individual components. By analyzing interactions between the bridge and the military fleets’ CAN systems, we identify and address flaws potentially introduced in the software, or data leakage between communication segments. Our analysis employs experimental design and statistical analysis to shed light on the bridge’s security robustness and its potential implications for the overall system’s integrity.
This research holds significant implications for both industry and academia. Stakeholders involved in the development of autonomous military and civilian fleets can leverage our findings to enhance system security and reliability. Ultimately, the identification and mitigation of vulnerabilities contribute to safer and more resilient military operations.
Meta TagsDetails
DOI
https://doi.org/10.4271/2024-01-2795
Pages
9
Citation
Aideyan, I., Brooks, R., and Pese, M., "Fuzzing CAN vs. ROS: An Analysis of Single-Component vs. Dual-Component Fuzzing of Automotive Systems," SAE Technical Paper 2024-01-2795, 2024, https://doi.org/10.4271/2024-01-2795.
Additional Details
Publisher
Published
Apr 09
Product Code
2024-01-2795
Content Type
Technical Paper
Language
English